Lucene search

[email protected]CVE-2005-3817

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3817

2005-11-2602:03:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2005-3817

sql injection

security vulnerability

softbiz web host directory script

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

Affected configurations

NVD

Node

softbizweb_hosting_directory_scriptRange≤1.1

CPENameOperatorVersion
softbiz:web_hosting_directory_scriptsoftbiz web hosting directory scriptle1.1

CPE	Name	Operator	Version
softbiz:web_hosting_directory_script	softbiz web hosting directory script	le	1.1

References

pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html

secunia.com/advisories/17724

www.osvdb.org/21079

www.osvdb.org/21080

www.osvdb.org/21081

www.osvdb.org/21082

www.osvdb.org/21083

www.securityfocus.com/bid/15561

www.vupen.com/english/advisories/2005/2557

exchange.xforce.ibmcloud.com/vulnerabilities/23208

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2005-3817

nvd2 cvelist2 prion1 cve1